Menu
EU tells US it must make next move on new Safe Harbor deal

EU tells US it must make next move on new Safe Harbor deal

Reaching a new Safe Harbor agreement is urgent, but the U.S. must make the next move, European Commissioners said Friday

The European Union put the onus firmly on the U.S. to make the next move in negotiating a replacement for the now-defunct Safe Harbor Agreement on privacy protection for transatlantic personal data transfers.

"We need a new transatlantic framework for data transfers," said Vĕra Jourová, the European Commissioner for Justice and Consumers, emphasizing the urgency of the situation. However, she said at a news conference in Brussels on Friday, "It is now for the U.S. to come back with their answers."

EU law requires that companies guarantee the same privacy protection for the personal information of EU citizens that they hold, wherever in the world they process it.

The Safe Harbor Agreement was a simple mechanism by which companies could offer that guarantee. Reached between the European Commission and the U.S. in 2000, it allowed U.S. companies to certify that they followed EU privacy rules -- but it was struck down by the Court of Justice of the EU on Oct. 6 for not providing sufficient legal safeguards.

On Friday, the Commission published a new guide for businesses looking for ways to legally export personal information to the U.S., post Safe Harbor. However, it does little more than repeat the advice the Commission gave on the day of the court's ruling.

"Until such time as the renewed transatlantic framework is in place, companies need to rely on the alternative transfer tools available," the guide says.

Jourová recognized that won't always be easy: "Companies face some limitations when relying on alternative tools."

Safe Harbor was simple for European companies to implement, as all they had to do was contract with a U.S. data processor registered under the agreement. It was the responsibility of the U.S. company to ensure compliance.

The alternative mechanisms provided for in the EU's 1995 Data Protection Directive -- standard contract clauses, binding corporate rules, or obtaining the informed consent of the person whose data is transferred -- put the responsibility squarely on the company at the origin of the transfer.

"Whatever they choose, they must be able to prove that the protection is in place, that they guarantee the protection of data transferred to the U.S. This is especially a challenge for SMEs," Jourová said.

Her colleague Andrus Ansip, European Commissioner for the Digital Single Market, pointed out that the use of these tools is nothing new: Many companies began complying with the directive's requirements in the five years before Safe Harbor was introduced.

"Many of those data flows are based on contract clauses," he said.

Whether a new Safe Harbor agreement will resolve the questions raised by the court is open to doubt. Some critics have said that, without wholesale reform of U.S. law, it just isn't possible to provide the guarantees EU law requires. And while the majority of the EU's data protection authorities are still studying whether the alternative tools are sufficient, German authorities are so concerned about them that have suspended all new registrations for data exports  

Ansip gave a nod to some of those concerns: "It's up to lawyers to say exactly what will be needed. A legally binding administrative decision will be needed to make this Safe Harbor 2.0 bulletproof," he said.

In other words, Safe Harbor's successor isn't safe until it too has been tested by the EU's highest court.

That's the challenge, then, for the U.S. officials that Jourová is waiting to hear from. Next week, she said, she will travel to Washington, "to discuss the issue at the highest political level."

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Safe Harbor

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments